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REMARKS/ARGUMENTS 
Claims 1 - 20 are pending. 

Claims 1-20 were rejected under 35 tJ.S.C. 102(e) for allegedly being 
anticipated by Lei et al., U.S. Patent No. 6,487,552. 

Claims 1 and 12 

The present invention relates to controlled access to information in a database. 
An aspect of the present invention includes receiving a request to access information in a 
database and producing a modified request that is based on an access policy. For example, claim 
1 recites "replacing said request for a first type of information with a modified request for a first 
type of information, wherein said modified request is based on said access policy." Kindly see 
independent claim 12 as well. 

Another aspect of the present invention includes producing a result from the 
modified query. The result comprises rows of information from an information store. 
Depending on an access policy, each row can include an instance of a first information from the 
information store or a masked value in place of the instance of the first information. For 
example, claim 1 recites "said result comprises rows of information, wherein each row of 
information includes either an instance of said first information or a masked value in place of an 
instance of said first information depending on said access policy." Kindly refer also to 
independent claim 12. 

Lei et al. teach limited access to rows in a table. "[I]t may not be desirable for all 
users to have access to all of the rows of a particular table. ... It may also be desirable to restrict 
access to certain rows for security reasons." Col 1, lines 29-37, They show modifying a 
relational database query by modifying a SELECT statement to incorporate a WHERE clause. 
For example, column 14, lines 4-20 show a query Q3 is modified to produce query Q4. The 
WHERE clause in query Q4 "restricts the rows selected by the query to those rows of table t 
where the value in the *lang' colunm equals the current value of the 'language' context 
attribute." Col 14, lines 17-19. 
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The WHERE clause therefore effectively eliminates certain rows in a table before 
processing an access query on the table; a very well known and understood function of the 
WHERE clause. Lei et al. therefore teach eliminating rows in a table (which the Office action 
seems to identify as "masked values") so that certain rows cannot be accessed. 

In contrast, however, the present invention does not eliminate rows of 
information; rather, information within rows which constitute the result of an access can be 
modified. Depending on an access policy, some of the information within a row is substituted 
with a "masked value in place of the information; the masking does not involve elimination of 
the row. For at least this reason, the Section 102 rejection is believed to be overcome. 

Claims 2,18, and 20 

A further aspect of the present invention is "a mask function which determines for 
a row whether said row includes an instance of said first information or a masked value in place 
of an instance of said first information." Claim 2. Kindly refer to claims 18 and 20 as well. 

The GetContextValueQ function in Lei et al. was cited for showing this aspect of 
the invention. The function appears in the WHERE clause of query Q4. As explained above, the 
WHERE clause effectively eliminates entire rows in a table in an access request. The 
GetContextValueQ function serves to identify which rows are to be eliminated. Respectfully, 
eliminating ("masking") entire rows in a table does not constitute determining "for a row 
whether said row includes an instance of said first information or a masked value in place of an 
instance of said first information." Rows are not eliminated according to the present invention; 
instead information in a row is selectively masked. Claim 2 (and claims 18 and 20) recite a mask 
function to do this. The Section 102 rejection of claims 2, 18, and 20 are therefore believed to be 
overcome. 

Claim 3 

Claim 3 recites "executing said mask function to produce either said masked 
value or said first information." The distinction over Lei et al. is that an eliminated row in Lei et 
al. is deemed to be "masked," according to the terminology adopted in the Office action; while in 
the present invention a row is NOT eliminated, but rather can contain a mask value or an 
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instance of first information as determined by executing the mask function. The Section 102 
rejection of claim 3 is believed to be overcome. 

Claims 4 and 13 

Claims 4 and 13 recite "eliminating portions of one or more of said rows of 
information in accordance with said access policy." The Office action cited the 
GetContextValueO function in Lei et al. The GetContextValueQ function eliminates entire rows 
in order to limit the view of the table to a certain language, by virtue of being in the WHERE 
clause. Lei et al. do not teach "eliminating portions of one or more of said rows of information 
in accordance with said access policy." The Section 102 rejection of claims 4 and 13 are 
believed to be overcome. 

Claims 6. 8. 9, 15, 16. and 19 

These claims is believed to be patentable based on the patentability of their 
respective base claims. 

Claim 5. 7. 14, and 17 

An aspect of the present invention as recited in independent claim 7 includes 
providing a query having a SELECT statement to access information in a relational database. 
The SELECT statement comprises "one or more column references, each column reference 
identifying a specific column in said relational database." A modified query is produced by 
"replacing at least one of said one or more column references with a mask function." A result is 
obtained firom the modified query comprising one or more rows of information, wherein "some 
rows of information comprise entirely of information fi-om said relational database, and other 
rows of information comprise information firom said relational database and a mask value, 
depending on said access policy." 
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(a) ^^one or more column references" 

The SELECT statement in the query Q3 of Lei et al. was cited for showing one or 
more column references because of the notation. However, the notation is a special case 
where all columns of the specified table are referenced. To distinguish this special case, claim 7 
has been amended to further recite each column reference identifying a specific column in said 
relational database . Claims 5, 14, and 17 have been similarly amended. As amended, the 
notation does not identify a specific column in said relational database . The Section 102 
rejection of claims 5, 7, 14, and 17 is therefore beUeved to be overcome for at least this reason. 

(b) ^^replacing ... with a mask function." 

Lei et al. show a replacing step, namely, Q3 is replaced with Q4. Col. 14, lines 5 - 
75. That replacement, however, does not involve "replacing at least one of said one or more 
colxmin references [of the SELECT statement] with a mask function." First there is no "column 
reference" in the query Q3. Second, the Let et al. replacement is simply to append a WHERE 
clause to the query Q3 to produce the query Q4. It is earnestly submitted that Lei et al. do not 
show this aspect of the present invention. The Section 102 rejection of claims 5, 7, 14, and 17 is 
therefore believed to be overcome for at least this reason. 

(c) ^^some rows of information comprise entirely of information from said relational 
database, and other rows of information comprise information from said relational 
database and a mask value, depending on said access policy." 

Lei et al. is further distinguished in that they effectively eliminate rows in a table; 
e.g., rows in which the language column equals the current value of the "language" context 
attribute. CoL 14, lines 18 - 20. Consequently, the rows are not accessed during the SELECT 
operation. By contrast, claim 7 recites that information in the rows themselves are masked, rows 
are NOT eliminated firom the SELECT operation. Lei et al. therefore do not teach, "some rows 
of information comprise entirely of information fi"om said relational database, and other rows of 
information comprise information fi"om said relational database and a mask value." The Section 
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102 rejection of claims 5, 7, 14, and 17 is therefore believed to be overcome for at least this 
reason. 

Claim 10 

As discussed above in connection with claim 7, the replacing step recited in 
claim 7 is not taught by Lei et al. Thus, "said step of replacing [being] performed at said client" 
(claim 10) is also not taught by Lei et al. The Section 102 rejection of claim 10 is believed to be 
overcome. 

Claim 11 

As discussed above in connection with claim 7, the replacing step recited in 
claim 7 is not taught by Lei et al. Thus, "said step of replacing [being] performed at said 
database server" (claim 1 1) is also not taught by Lei et al. The Section 102 rejection of claim 1 1 
is believed to be overcome. . 

CONCLUSION 

In view of the foregoing, all claims now pending in this Application are believed 
to be in condition for allowance. The issuance of a formal Notice of Allowance at an early date 
is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 



Respectfully submitted, 
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